Bug ID 455391: Bad parsing of query string in URL with authentication

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.6.2 HF1, 11.3.0, 11.4.0, 11.4.1

Fixed In:
11.6.0, 11.5.1 HF4, 11.4.1 HF6, 11.4.0 HF7, 11.3.0 HF9

Opened: Apr 03, 2014

Severity: 3-Major


ASM bypass techniques discovered during Pentest.


Causes ASM to misbehave within the query string parser, and fails to detect relevant malicious requests.


Request with authentication URL.



Fix Information

We improved how the system parses query strings in absolute URLs.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips